ragweed 0.2.6 → 0.2.7
Sign up to get free protection for your applications and to get access to all the features.
- data/VERSION +1 -1
- data/lib/ragweed/debugger32.rb +12 -15
- data/lib/ragweed/debuggertux.rb +3 -0
- data/lib/ragweed/utils.rb +1 -0
- data/lib/ragweed/wrap32/process.rb +4 -12
- data/lib/ragweed/wrap32/wrap32.rb +36 -2
- data/ragweed.gemspec +2 -2
- metadata +4 -4
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.2.
|
1
|
+
0.2.7
|
data/lib/ragweed/debugger32.rb
CHANGED
@@ -37,9 +37,7 @@ class Ragweed::Debugger32
|
|
37
37
|
def addr; @addr; end
|
38
38
|
|
39
39
|
def install
|
40
|
-
if @addr == 0 or @deferred == true
|
41
|
-
return
|
42
|
-
end
|
40
|
+
return if @addr == 0 or @deferred == true
|
43
41
|
|
44
42
|
o = @process.read8(@addr)
|
45
43
|
|
@@ -146,9 +144,7 @@ class Ragweed::Debugger32
|
|
146
144
|
# breakpoints are always re-set after firing. If you don't want them to be
|
147
145
|
# re-set, unset them manually.
|
148
146
|
def breakpoint_set(ip, callable=nil, &block)
|
149
|
-
if not callable and block_given?
|
150
|
-
callable = block
|
151
|
-
end
|
147
|
+
callable = block if not callable and block_given?
|
152
148
|
|
153
149
|
def_status = false
|
154
150
|
|
@@ -229,10 +225,10 @@ class Ragweed::Debugger32
|
|
229
225
|
|
230
226
|
# FIX: this method should be a bit more descriptive in its naming
|
231
227
|
def get_dll_name(ev)
|
232
|
-
name = Ragweed::Wrap32::get_mapped_filename(@p.handle, ev.base_of_dll,
|
228
|
+
name = Ragweed::Wrap32::get_mapped_filename(@p.handle, ev.base_of_dll, 1024)
|
233
229
|
name.gsub!(/[\n]+/,'')
|
234
230
|
name.gsub!(/[^\x21-\x7e]/,'')
|
235
|
-
i = name.index('0')
|
231
|
+
i = name.index('\0')
|
236
232
|
i ||= name.size
|
237
233
|
return name[0, i]
|
238
234
|
end
|
@@ -240,19 +236,20 @@ class Ragweed::Debugger32
|
|
240
236
|
def on_load_dll(ev)
|
241
237
|
dll_name = get_dll_name(ev)
|
242
238
|
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
|
239
|
+
## Temporary breakpoint dup is used because
|
240
|
+
## Ruby 1.9 will not support insertion into
|
241
|
+
## @breakpoints while iterating through it
|
242
|
+
tmp_bp = @breakpoints.dup
|
243
|
+
tmp_bp.each_pair do |k,bp|
|
244
|
+
## If the bp is a string its probably deferred
|
245
|
+
next if !bp.addr.kind_of?String
|
247
246
|
|
248
247
|
m,f = bp.addr.split('!')
|
249
248
|
|
250
249
|
if dll_name =~ /#{m}/i
|
251
250
|
deferred = bp.deferred
|
252
251
|
|
253
|
-
if deferred == true
|
254
|
-
bp.deferred = false
|
255
|
-
end
|
252
|
+
bp.deferred = false if deferred == true
|
256
253
|
|
257
254
|
new_addr = bp.deferred_install(ev.file_handle, ev.base_of_dll)
|
258
255
|
|
data/lib/ragweed/debuggertux.rb
CHANGED
@@ -109,6 +109,9 @@ class Ragweed::Debuggertux
|
|
109
109
|
@installed = false
|
110
110
|
end
|
111
111
|
|
112
|
+
def installed?; @installed; end
|
113
|
+
def attached?; @attached; end
|
114
|
+
|
112
115
|
# This has not been fully tested yet
|
113
116
|
def set_options(option)
|
114
117
|
r = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::SETOPTIONS, @pid, 0, option)
|
data/lib/ragweed/utils.rb
CHANGED
@@ -49,26 +49,18 @@ class Ragweed::Process
|
|
49
49
|
# that have just been loaded and detected by a LOAD_DLL
|
50
50
|
# event. It is called from on_load_dll() -> deferred_install()
|
51
51
|
def get_deferred_proc_remote(name, handle, base_of_dll)
|
52
|
-
if !name.kind_of?String
|
53
|
-
return name
|
54
|
-
end
|
52
|
+
return name if !name.kind_of?String
|
55
53
|
|
56
54
|
mod, meth = name.split "!"
|
57
55
|
|
58
|
-
if mod.nil? or meth.nil?
|
59
|
-
raise "can not set this breakpoint: #{name}"
|
60
|
-
end
|
56
|
+
raise "can not set this breakpoint: #{name}" if mod.nil? or meth.nil?
|
61
57
|
|
62
58
|
modh = handle
|
63
59
|
|
64
60
|
# Location is an offset
|
65
61
|
if is_hex(meth)
|
66
62
|
baseaddr = 0
|
67
|
-
modules.each
|
68
|
-
if m.szModule == mod
|
69
|
-
break
|
70
|
-
end
|
71
|
-
end
|
63
|
+
modules.each { |m| break if m.szModule == mod }
|
72
64
|
|
73
65
|
ret = base_of_dll + meth.hex
|
74
66
|
else
|
@@ -99,7 +91,7 @@ class Ragweed::Process
|
|
99
91
|
if is_hex(meth)
|
100
92
|
baseaddr = 0
|
101
93
|
modules.each do |m|
|
102
|
-
if m.szModule
|
94
|
+
if m.szModule.to_s.match(/#{mod}/)
|
103
95
|
baseaddr = m.modBaseAddr
|
104
96
|
break
|
105
97
|
end
|
@@ -67,6 +67,29 @@ module Ragweed::Wrap32
|
|
67
67
|
GENERIC_ALL = 0x10000000
|
68
68
|
end
|
69
69
|
|
70
|
+
module PipeOpenMode
|
71
|
+
PIPE_ACCESS_DUPLEX = 0x00000003
|
72
|
+
PIPE_ACCESS_INBOUND = 0x00000001
|
73
|
+
PIPE_ACCESS_OUTBOUND = 0x00000002
|
74
|
+
FILE_FLAG_FIRST_PIPE_INSTANCE = 0x00080000
|
75
|
+
FILE_FLAG_WRITE_THROUGH = 0x80000000
|
76
|
+
FILE_FLAG_OVERLAPPED = 0x40000000
|
77
|
+
WRITE_DAC = 0x00040000
|
78
|
+
WRITE_OWNER = 0x00080000
|
79
|
+
ACCESS_SYSTEM_SECURITY = 0x01000000
|
80
|
+
end
|
81
|
+
|
82
|
+
module PipeMode
|
83
|
+
PIPE_TYPE_BYTE = 0x00000000
|
84
|
+
PIPE_TYPE_MESSAGE = 0x00000004
|
85
|
+
PIPE_READMODE_BYTE = 0x00000000
|
86
|
+
PIPE_READMODE_MESSAGE = 0x00000002
|
87
|
+
PIPE_WAIT = 0x00000000
|
88
|
+
PIPE_NOWAIT = 0x00000001
|
89
|
+
PIPE_ACCEPT_REMOTE_CLIENTS = 0x00000000
|
90
|
+
PIPE_REJECT_REMOTE_CLIENTS = 0x00000008
|
91
|
+
end
|
92
|
+
|
70
93
|
module FormatArgs
|
71
94
|
FROM_SYSTEM = 4096
|
72
95
|
ALLOCATE_BUFFER = 256
|
@@ -108,6 +131,7 @@ module Ragweed::Wrap32
|
|
108
131
|
attach_function 'Sleep', [ :long ], :long
|
109
132
|
attach_function 'DuplicateHandle', [ :long, :long, :long, :pointer, :long, :long, :long ], :long
|
110
133
|
attach_function 'CreateFileA', [ :pointer, :long, :long, :pointer, :long, :long, :pointer ], :long
|
134
|
+
attach_function 'CreateNamedPipeA', [ :pointer, :long, :long, :long, :long, :long, :long, :pointer ], :long
|
111
135
|
attach_function 'OpenEventA', [ :long, :long, :pointer ], :long
|
112
136
|
attach_function 'CreateEventA', [ :long, :long, :long, :pointer ], :long
|
113
137
|
attach_function 'SetEvent', [ :long ], :long
|
@@ -466,10 +490,20 @@ module Ragweed::Wrap32
|
|
466
490
|
opts[:access] ||= FileAccess::GENERIC_ALL
|
467
491
|
opts[:flags] ||= 0
|
468
492
|
|
469
|
-
r = Win.CreateFileA(name, opts[:access], opts[:sharing], NULL, opts[:disposition], opts[:flags], NULL)
|
493
|
+
r = Win.CreateFileA(name, opts[:access], opts[:sharing], FFI::Pointer::NULL, opts[:disposition], opts[:flags], FFI::Pointer::NULL)
|
470
494
|
raise WinX.new(:create_file) if r == -1
|
471
495
|
return r
|
472
496
|
end
|
497
|
+
|
498
|
+
def create_named_pipe(name, opts={})
|
499
|
+
opts[:open_mode] ||= PipeOpenMode::PIPE_ACCESS_DUPLEX | PipeOpenMode::FILE_FLAG_OVERLAPPED
|
500
|
+
opts[:pipe_mode] ||= PipeMode::PIPE_TYPE_MESSAGE | PipeMode::PIPE_READMODE_MESSAGE | PipeMode::PIPE_WAIT
|
501
|
+
opts[:max_inst] ||= 4
|
502
|
+
opts[:def_timeout] ||= 5000
|
503
|
+
r = Win.CreateNamedPipeA(name, opts[:open_mode], opts[:pipe_mode], opts[:max_inst], opts[:out_buf_sz], opts[:in_buf_sz], opts[:def_timeout], FFI::Pointer::NULL)
|
504
|
+
raise WinX.new(:create_named_pipe) if r == -1
|
505
|
+
return r
|
506
|
+
end
|
473
507
|
|
474
508
|
# i haven't made this work, but named handles are kind of silly anyways
|
475
509
|
def open_event(name)
|
@@ -533,7 +567,7 @@ module Ragweed::Wrap32
|
|
533
567
|
return buf, outw.unpack("L").first
|
534
568
|
end
|
535
569
|
|
536
|
-
def device_io_control(h, code, inbuf, outbuf, overlapped=NULL)
|
570
|
+
def device_io_control(h, code, inbuf, outbuf, overlapped=FFI::Pointer::NULL)
|
537
571
|
overlapped = overlapped.to_s if overlapped
|
538
572
|
outw = "\x00" * 4
|
539
573
|
r = Win.DeviceIoControl(h, code, inbuf, inbuf.size, outbuf, outbuf.size, outw, overlapped)
|
data/ragweed.gemspec
CHANGED
@@ -5,11 +5,11 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{ragweed}
|
8
|
-
s.version = "0.2.
|
8
|
+
s.version = "0.2.7"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = [%q{tduehr}, %q{struct}, %q{tqbf}]
|
12
|
-
s.date = %q{2011-
|
12
|
+
s.date = %q{2011-12-06}
|
13
13
|
s.description = %q{General debugging tool written in Ruby for OSX/Win32/Linux}
|
14
14
|
s.email = %q{td@matasano.com}
|
15
15
|
s.extra_rdoc_files = [
|
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ragweed
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 25
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 0
|
8
8
|
- 2
|
9
|
-
-
|
10
|
-
version: 0.2.
|
9
|
+
- 7
|
10
|
+
version: 0.2.7
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- tduehr
|
@@ -17,7 +17,7 @@ autorequire:
|
|
17
17
|
bindir: bin
|
18
18
|
cert_chain: []
|
19
19
|
|
20
|
-
date: 2011-
|
20
|
+
date: 2011-12-06 00:00:00 Z
|
21
21
|
dependencies:
|
22
22
|
- !ruby/object:Gem::Dependency
|
23
23
|
name: ffi
|